HTTP
Latest
Firefox Focus on Android now includes an HTTPS-only mode
Firefox 98 introduces a handful of small but handy features to the mobile version of Mozilla’s browser.
Chrome 94 will make sure you're connected to sites with HTTPS
With Chrome 94, Google will introduce a feature called HTTPS-First Mode that will attempt to upgrade all your connections to HTTPS.
Tim Berners-Lee is auctioning off the web's source code as an NFT for charity
Web pioneer Tim Berners-Lee will auction the original code for the modern internet as an NFT.
Chrome will soon let you know if a web form is unsecure
It'll turn off autofill on forms that are submitted insecurely.
Chrome now alerts you to unsecured HTTP sites
Chrome has already taken numerous measures to inform users if they're on an unencrypted HTTP website, but starting today it's going one step further, with version 68 of the browser displaying a warning whenever you visit an insecure site. Instead of a green padlock and the word "secure" in the address bar, as you'll see on a HTTPS site, you'll see the words "not secure." Click on it and you'll get a warning advising against entering any sensitive information on the site, as it could be stolen by hackers.
Upcoming Chrome update will label HTTP sites ‘not secure’
Chrome has been taking measures to inform users when they're on an unencrypted HTTP website, adding notifications to more and more sites over the last couple of years. Today, Google announced it will be taking that one step further, labeling all HTTP sites as "not secure" starting with the release of Chrome 68. You can see what that will look like in the image below.
Web status code tells you when sites are censored
With a few exceptions, web status codes are meant to indicate errors. A 404 page shows up when you tried to reach content that wasn't found, for example. However, there's now a code for those times when that absence is all too intentional. The newly published 451 code (a nod to Fahrenheit 451, naturally) lets site hosts and network providers warn you when censorship and similar "legal obstacles" prevent you from seeing web material. In theory, this gives you a much better explanation than the generic 403 "forbidden" code -- and a not-so-subtle hint that you need to jump through hoops to get the truth.
Mozilla: All new web features should require secure HTTP
A number of internet organizations and even the government want websites to use encryption by default in the future, and from the sound of it, Mozilla shares their view. The non-profit has announced that it plans to limit the capabilities of "the non-secure web" (aka websites that don't use HTTPS), in order to encourage a more widespread use of encryption. Mozilla has a two-element approach in place, one of which is making all new features of the Firefox browser and its other products available only to secure websites when we reach a certain date. The org will consult its users -- just like it did before it ultimately decided it wants to stop supporting unencrypted sites in the long run -- not only to pinpoint that date, but also to decide what features are considered "new" by that time.
What you need to know about HTTP/2
Look at the address bar in your browser. See those letters at the front, "HTTP"? That stands for Hypertext Transfer Protocol, the mechanism a browser uses to request information from a server and display webpages on your screen. A new version of the reliable and ubiquitous HTTP protocol was recently published as a draft by the organization in charge of creating standards for the internet, the Internet Engineering Task Force (IETF). This means that the old version, HTTP/1.1, in use since 1999, will eventually be replaced by a new one, dubbed HTTP/2. This update improves the way browsers and servers communicate, allowing for faster transfer of information while reducing the amount of raw horsepower needed.
Netflix keeps its lead in streaming video use at home, YouTube rules the road
When we last checked in with Sandvine's stat trackers, Netflix reigned supreme in online video traffic at home, especially downstream. It's still sitting pretty several months later, Sandvine tells AllThingsD. Quite possibly helped by the House of Cards debut, Netflix kept a healthy lead at 32.3 percent of downstream use on wired networks this past March. That's no mean feat when some of its competition took big strides forward -- YouTube jumped up to 17.1 percent, and Hulu likely rode sweeps season to get 2.4 percent. In mobile, it's a different story. Netflix use on cellular almost doubled to 4 percent, but YouTube kept an uncontested lead at 27.3 percent of downstream use. It's not hard to see why after looking at other video formats people prefer on the road: raw HTTP video (19.2 percent) and Facebook (8.6 percent) were the next-closest, which suggests that many still grab snack-sized videos on their phones instead of full movies or TV shows. We don't expect the status quo to budge much in the near future, whether it's on mobile or a fixed-line. Without major initiatives from veterans or the arrival of a new upstart, it isn't clear just what would rock the boat.
HTTP standards group looks to SPDY protocol to influence HTTP/2.0
Google's SPDY protocol is already gaining traction among web browsing heavyweights such as Chrome and Firefox, but its next step may be its biggest showing to date -- albeit in a different form. According to Mark Nottingham, the chairperson of the committee behind the HTTP protocol, a decision was made to focus on SPDY as the starting point for HTTP/2.0 discussion. Now, in case you couldn't tell, this is far from a sure thing, and as is, the HTTPBIS Working Group is currently targeting 2014 for the new specification's release. The decision is important, however, as the group seems intent to not reinvent the wheel with HTTP/2.0. While Nottingham made it clear that SPDY wouldn't serve as an outright replacement for HTTP -- for example, the "methods, status codes, and most of the headers" will remain the same -- there's now a high likelihood that SPDY will heavily influence the new protocol. Up next, Nottingham will open the discussion to the group's mailing list, and after that, approval will be sought from the Internet Engineering Steering Group (IESG). Once those steps are out of the way, however, we can expect work to begin in earnest toward the development of HTTP/2.0, and hopefully, a lot of speedy influences.
Pebble ties itself up in Twine: sounds so rustic, couldn't be any less (video)
Take an e-ink e-paper smartwatch that's got plenty of willing customers, throw in a WiFi-connected sensor box and well, imagine the possibilities. The founders behind Pebble and Twine hope you are, because they have announced that the pair will be connectable through the latter's web-based interface. This means you'll be able to setup text notifications to your wrist when your laundry's done, when someone's at your door and plenty more mundane real-world tasks. A brief video explains how it should all go down, but try not to get too excited -- pre-orders are sadly sold out.
Google badmouths HTTP behind its back, proposes SPDY as a speedy successor
If there's anything that Google doesn't like, it's things that collect dust. The company is famous for its annual spring cleaning efforts, in which the firm rids itself of redundant and dead-end projects, along with more bullish moves, such as its push to overhaul the internet's DNS system. Now it's looking to replace HTTP with a new protocol known as SPDY, and to that end, it's demonstrating the potential speed gains that one might expect on a mobile network. According to the company's benchmarks, mean page load times on the Galaxy Nexus are 23 percent faster with the new system, and it hypothesizes that further optimizations can be made for 3G and 4G networks. To its credit, Google has already implemented SPDY in Chrome, and the same is true for Firefox and Amazon Silk. Even Microsoft appears to be on-board. As a means to transition, the company proposes an Apache 2.2 module known as mod_spdy, which allows web servers to take advantage of features such as stream multiplexing and header compression. As for HTTP, it's no doubt been a reliable companion, but it seems that it'll need to work a bit harder to earn its keep. Stay weird, Google, the internet wouldn't be the same without you.
Microsoft's 'HTTP Speed + Mobility' aims to make the web faster, could be the next big ping
We're generally satisfied with our internet performance, but we wouldn't say no to a speed boost. A Microsoft blog post reveals plans to enable just that, with the company's proposed "HTTP Speed + Mobility" approach to HTTP 2.0. Have you thought about what life would be like with a faster internet? MS says Y-E-S! "There is already broad consensus about the need to make web browsing much faster," the company proclaimed. Juicy. The suggested protocol will, well, focus on achieving greater speed, but Microsoft hasn't detailed exactly how it will accomplish that, beyond mentioning that it's based on the Google SPDY protocol, which on its own aims to reduce latency and congestion by prioritizing requests and removing the limit on simultaneous streams over a single TCP connection. For its part, MS says it will be expanding on SPDY to "address the needs of mobile devices and applications," which we presume would be in Google's best interests as well. It's safe to say that Microsoft's being a bit more forthcoming during its meetings with the Internet Engineering Task Force (IETF) this week -- the organization responsible for creating HTTP 2.0 -- so perhaps we'll be hearing more about this fabled faster internet before we turn anew to Q2.
Insert Coin: Twine connects your whole world to the internet
In Insert Coin, we look at an exciting new tech project that requires funding before it can hit production. If you'd like to pitch a project, please send us a tip with "Insert Coin" as the subject line. Wouldn't it be great if your laundry emailed you when it had finished? You got a tweet every time the room got too cold, or your basement sent you a text if it began to flood? "Easy," says the Arduino expert in the peanut gallery, but what about those with neither the time nor inclination to solder and program it from scratch? Fortunately, the gentlemen who founded Supermechanical feel our pain and have just the tonic for our maladies -- head on past the break to find out more.
Latest TiVo Premiere update sets the stage for multiroom or iPad streaming?
While we're still not sure exactly what's been changed in the most recent 14.8 software update some users have gotten on their TiVo Premieres, a poster on the TiVo Community forums has found a change in the TiVo's XML file that suggests its getting ready for streaming support. Every TiVo provides an XML feed that can be read by other devices or software on the network and moyekj noted there is a field he hadn't sen before marked "StreamingPermission." Rumors have indicated streaming to other TiVo Premiere boxes, a multiroom companion extender or even to the iPad previously so it's not immediately clear what this switch could toggle if it were marked yes, but for now, it's marked no so feel free to speculate as wildly as possible. [Thanks, @BrennokBob]
Chrome and Firefox adding new opt-out features to prevent third-party advertisers from tracking you
Ever been freaked out by an online ad that seemed to know you that little bit too well? It's the result of good old advertisers tracking your net-navigating habits and delivering targeted commercials to your eyeballs, but it can be prevented. Both Google and Mozilla have stepped up (or perhaps been pushed by the FTC) to try and tackle this issue of pernicious tracking cookies, but they've gone about it in different ways. The Chrome solution is a Keep My Opt-Outs browser extension that remembers the sites you don't want personalized information from, while Firefox will start beaming out a Do Not Track HTTP header that should be respected by advertisers and result in you receiving generic, repetitive ads. The important commonality between the two is that they don't rely on you preparing a cookie file with all your anti-advertiser bile contained within it (which was the FTC's original, somewhat impractical idea). Google intends to open-source its extension and bring it to other browsers as well, though obviously it's taking care of Chrome first, which can benefit from the add-on right now.
Firesheep makes stealing your cookies, accessing your Facebook account laughably easy
A software developer called Eric Butler doesn't just want to make you aware of the lax security of most social networking sites, he wants to force you to do something about it! To that end, he's developed Firesheep, a Firefox add-on that even the least technically inclined among us can use to eavesdrop on open WiFi networks and capture your fellow users' cookies. Any time a site recognized by Firesheep (including Twitter, Flickr, Facebook, and Dropbox) is accessed by a user on your network, Firesheep provides you with an icon and a link to access that account. Sure, had these sites used SSL to begin with this would be nigh in impossible; but they don't, so it is possible. And easy! And fun! Keep in mind, we're not suggesting that you give this a try yourself (far from it!) but we do hope you look into the larger issues involved here, and take the appropriate steps to force sites to use SSL, and protect yourself in the process (we hear that HTTPS Everywhere and Force-TLS are good places to start). Because, really -- Internet security is enough of a problem without giving everybody at the Coffee Bean your Facebook credentials.
Apple requiring the HTTP live stream protocol for iPhone apps
Amidst all of Apple's recent app non-rejections and changes to allow APIs that were private, it was announced earlier this week that the company is now requiring developers of apps that implement live streaming video to use the HTTP Live Stream protocol. The HTTP Live Stream protocol uses web standards to implement video, and also allows for use of iPhone-friendly formats like H.264 encoded streams for QuickTime (supported on the iPhone since iPhone OS 3.0). This change also requires developers to create a minimum stream of video no larger than 64kbps, for use with slower connections. It's still not known if this will have any impact on AT&T's position on streaming video over a 3G connection, but developers are still trying to find ways to work around Apple's restrictions. One example is the EyeTV update that was released earlier today, which works via Mobile Safari to stream video over a 3G connection.
Will HDTV elevate the standard for PC content?
Getting video feeds over the 'net is hardly a problem these days, but fetching honest-to-goodness HD footage is far less common. Granted, we've seen HD IPTV options crop up here and there, but finding new, unique HD programming streams online is more the exception than the rule. Still, the continual growth of HDTV over cable, fiber and satellite makes us wonder if PC content won't be forced to measure up or get disregarded. Of course, there's always the issue of bandwidth to deal with, but considering just how many individuals are now looking to the internet for at least some of their television needs, it just seems like a matter of time before we'll be watching more than previously aired online versions of our favorite nighttime dramas in high-definition. Or, at least we hope.[Image courtesy of ABC]
